Lucene search
K

14 matches found

OSV
OSV
added 2025/12/09 10:43 p.m.4 views

CVE-2025-67496 WeGia is Vulnerable to XSS through id_pessoa Parameter on Password Configuration Page

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting XSS vulnerability in the /WeGIA/html/geral/configurarsenhas.php endpoint. The application does not sanitize user-controlled data before...

4.3CVSS5.1AI score0.00212EPSS
Exploits1References5
CVE
CVE
added 2025/12/09 10:43 p.m.12 views

CVE-2025-67496

WeGIA CVE-2025-67496 affects version 3.5.4 and earlier; Stored XSS in /WeGIA/html/geral/configurar_senhas.php occurs because user-controlled data (employee names) are retrieved from DB and inserted into HTML elements without proper escaping. This can allow script injection via the employee dropd...

5.4CVSS4.8AI score0.00212EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-50279

Name of the Vulnerable Software and Affected Versions WeGIA versions 3.5.4 and below Description WeGIA, an open source Web Manager for Institutions, is affected by a Stored Cross-Site Scripting XSS issue. The application fails to sanitize user-controlled data before rendering it within the employ...

4.3CVSS5.2AI score0.00212EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.2 views

Burgerportaal 安全漏洞

Burgerportaal is a GPP-Woo open source site for reading public documents. A security vulnerability exists in Burgerportaal versions prior to 2.0.3, prior to 3.0.2, and prior to 4.0.1, which stems from the exposure of employee names and e-mail addresses in a web response, which could lead to...

6.9CVSS6.2AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.4 views

PT-2025-41823

Name of the Vulnerable Software and Affected Versions gpp-burgerportaal versions prior to 2.0.3 gpp-burgerportaal versions prior to 3.0.2 gpp-burgerportaal versions prior to 4.0.1 Description gpp-burgerportaal is a Dutch government citizen portal application. In affected versions, the name and...

6.9CVSS6.1AI score0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.6 views

saleor 输入验证错误漏洞

Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. saleor suffers from an input validation error vulnerability that stems from a number of GraphQL mutations that do not...

5.3CVSS5.3AI score0.00516EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.4 views

Synel Eharmonynew 授权问题漏洞

Synel Eharmonynew is a time and attendance system from Synel Israel. Synel eharmonynew suffers from an authorization issue vulnerability that stems from the ability to log in to the system using default credentials and export eHarmony system reports containing sensitive data employee names,...

6.8CVSS6.5AI score0.00548EPSS
Exploits0References2
OSV
OSV
added 2021/04/13 7:15 p.m.2 views

CVE-2021-27605

SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last...

4.3CVSS5.8AI score0.00582EPSS
Exploits0References2
n0where
n0where
added 2017/09/25 4:23 a.m.20 views

Easy Intelligence Gathering: theHarvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...

7.1AI score
Exploits0References1
Hacker One
Hacker One
added 2017/01/12 5:46 a.m.17 views

New Relic: newrelic.atlassian.net - jira information disclosure

The ticket raising system used by newrelic suffers from an informational vulnerability where in an attacker can view certain details about open bugs or project information of newrelic. Details include employee names and potentially email address and ticket names which an unauthorized personnel ca...

0.8AI score
Exploits0
Kitploit
Kitploit
added 2013/12/31 10:21 p.m.16 views

[TheHarvester v2.2] The Information Gathering Suite

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2013/08/19 8:0 a.m.6 views

New Jigsaw Hacking Tool Spotted in Attacks

If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2013/02/25 6:44 p.m.116 views

[theHarvester v2.2a] Tool for Gathering

theHarvester is a tool for gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in ord...

9.9AI score
Exploits0
ThreatPost
ThreatPost
added 2010/02/02 3:39 p.m.9 views

80K Records' Breached in Iowa Gaming Hack

Around 80,000 Iowa employee names, birth dates and social security numbers have been exposed after an Iowa Gaming Commission server was hacked. Read the full article. Secure Computing...

4.2AI score
Exploits0References1
Rows per page
Query Builder